Mobile Security Takeaways From the Healthcare CxO Summit

Ranjeet Vidwans | Oct 28, 2016

Last week I had the pleasure of attending the Marcus Evans Healthcare CxO Summit in Marina del Rey, California. At Blue Cedar Networks, we continue to believe that the US healthcare industry is ripe for hyper-mobilization due to the high sensitivity of its data, the urgency with which clinicians need “anytime / anywhere” access to that data, and the highly mobile and fluid nature of that caregiver workforce. That dynamic, combined with the success that we’ve seen in healthcare and the surrounding ecosystem (insurance companies, medical device manufacturers, etc.), made me keen to observe which themes would emerge after spending three days with several hundred doctors and nurses that serve as CEOs, CFOs, and in other senior executive positions in healthcare. 

Here’s what I saw …

Lots of People Carrying Two Phones

I had a series of one-on-one meetings during the conference. I was surprised to see how many of those people put two phones on the table when they sat down. Specifically, almost half of the people I met with (6 out of 14 to be precise) had two phones. That naturally became a point to start our conversation and the reasons they gave for carrying two phones fell into a few obvious categories: 

  • Privacy: All six people cited privacy concerns as the most crucial reason for keeping a personal device separate from a work device. Their concerns stemmed from the fact that the mobile security solutions their organizations were using were MDM-based, meaning that there was a device agent installed on their phone. This device agent is needed to be able to protect the organization in the case of device loss, but is also capable of seeing the user’s personal texts, emails, files, browsing history, etc. This was not something that these folks were comfortable with, and so they chose to carry two devices. 
  • Cost: Several of them shared that their organizations purchased their work devices, and also paid for their monthly usage for voice / data. If they chose to use their personal devices to access organizational apps and data, they would be responsible for their own device costs and monthly fees. Given that much of their voice and data consumption would be work-related, it was a no-brainer for them from a personal finance perspective to use a different work-funded device for work use. 
  • Preference: One of the people I met with just said that while the other two reasons certainly played a key role in the decision, he just had a strong underlying preference to keep a clear separation between his professional and personal lives. In his own words, “I can just turn this guy off when I walk out of the office”, pointing to his work-issued phone. 

Implication: While the scientific validity of my “survey” falls somewhere between a Facebook quiz and a Gallup poll, it’s clear that a broad swath of the user population in healthcare is carrying two devices around, and this represents an enormous opportunity for healthcare organizations.

  • By adopting an agentless approach to mobility, they can significantly reduce their costs by empowering and enabling more users to be comfortable using their personal devices, eliminating the need for the hospital to buy and maintain thousands of expensive devices that are prone to theft, loss, and breakage. They can also track activity just on “work apps,” thereby reducing the proportion of the monthly fees that they subsidize for each user. 
  • They can also dramatically improve user satisfaction by making end-users feel comfortable using their own devices in an easy and secure manner, in a way that doesn’t intrude on the user’s privacy by monitoring their personal app use / behavior. 

Millennials Are Now Doctors

The previous point about user satisfaction was particularly interesting in conjunction with another pattern that we’ve heard from our clients and which was reinforced at the event. Several of the conversations that I had were related to recruiting and retaining talented caregivers, and the interesting challenge that is presented by the evolution in the demographics of our workforce that has been topical of late. The latest wave of fully trained physicians that have entered the workforce in the last several years were born after 1980. Millennials are now doctors!! (Click to Tweet). 

A Wired article cites a US Bureau of Labor statistic that “by 2030 this hyper-connected, tech savvy generation will make up 75% of the workforce.” It goes on to say:

This new wave of people coming through office doors near you are not just tech literate, but accustomed to being connected anywhere, at any time. They’re a generation that can’t recall life before the Internet, they’ve always had a cell phone, they share their photos via Instagram and communicate with friends and family via Facebook and Twitter. Thanks to the rise of mobile, cloud and social, millennials are used to flexibility, openness and instantly connecting with people regardless of their location. What they’re not used to are constraints and being restricted by an IT department when it comes to using technology.

Having grown up with technology at their fingertips, millennials won’t put up with poor enterprise technology. (Click to Tweet)

This is an interesting trend to examine because it creates a challenging intersection where the enterprise mobility demands of this privacy-conscious, always connected, and rapidly growing demographic meets the heretofore intrusive and cumbersome way healthcare organizations have been providing mobile access.

Implication: Healthcare organizations need to heed what their newest physicians are asking for in terms of mobile access, because they are a bellwether and represent the tip of the iceberg that will follow in the years to come. In fact, one of our clients, a large 10 hospital system, cites improving physician loyalty as one of the key drivers for their new mobility initiatives. Hospitals that don’t prioritize usability or respect end-user privacy will not be able to attract and retain millennial doctors. (Click to Tweet

Affiliated vs. Employed Physicians

There is ample evidence that shows the undeniable trend that physicians are increasingly going the “employed” route instead of starting and maintaining their own private practices. However, there are two considerations that merit further scrutiny within the context of this macro-trend. 

First, there are still a large number of physicians that are in private practice. While those numbers are declining, given the number of practices in existence as this trend started and the rate at which that trend is progressing, large numbers of non-employed physicians practicing at healthcare organizations will continue to be the operating reality for many years to come.

This is compounded by the fact that while some physicians that are choosing employment over private practice are doing so with hospitals, many are also doing so with medium and large physician groups comprised of anywhere from 20 to several hundred clinical professionals. From a healthcare organization’s standpoint, these employed physicians still remain “affiliates” to them as they are not directly employed by the healthcare organization itself.

Implication: Affiliated physicians need the same “anytime/anywhere” access to clinical data as employed physicians. As an article from the Navigant Center for Healthcare Research & Policy Analysis states, “Physicians want clinical autonomy whether employed or not. Physicians want the technologies and tools that are required to ply their trade and they expect them to help, not hinder their work.” Hospitals must provide a way that makes it fast, easy, and secure for affiliated physicians to access patient data. (Click to Tweet

Innovation Spurs Transformation

The mobile technology posture of the hundred or so organizations at the event was varied. There were smaller outfits that were getting their arms around basic mobile access for off-site scenarios. At the opposite extreme I heard an amazing story about how Dartmouth-Hitchcock is using cutting-edge cloud, mobile, and big data / analytics technologies to transform how people take a more engaged and proactive approach to their own health, and improve the overall health of the population at large.

This was one of several state-of-the-art use cases that I had a chance to learn about. The common pattern here (and one that is reinforced based on what we’ve seen with our other healthcare clients) is that only organizations that budget for innovation drive game-changing solutions that transform “the art of the possible” (Click to Tweet). These kinds of powerful new use cases were not being championed by the office of the CIO (though the CIO, CMIO, and others are certainly key stakeholders). Rather, they were being driven by an arm of the organization that had both mandate and budget for evaluating how emerging technologies could be leveraged to improve all aspects of the healthcare lifecycle.

Implication: IT has their hands more than full making sure that the current needs of employees, staff, and customers (patients) are being properly serviced. Organizations that want to make quantum leaps need to invest both financial and human capital into a dedicated arm that looks forward while IT takes care of today’s problems.  

This was an excellent event and I’m delighted to have had a chance to participate. I was happy to see many of our preconceived notions being reinforced. I was happier still to hear new ideas about how secure mobility, in conjunction with other technologies, is working towards improving our health as a whole.

Let’s Stay In Touch
All our latest content delivered to your inbox a few times a month.